N/A
2026-04-20< 4.3.0.1
EventPrime – Events Calendar, Bookings and Tickets <= 4.3.0.0 - Authenticated (Subscriber+) Insecure Direct Object Reference
EventPrime – Events Calendar, Bookings and Tickets
Minimum safe version
4.3.0.1
Update to 4.3.0.1 or later to address 44 fixable vulnerabilities
Latest available4.3.2.3 ✓
N/A
2026-02-16< 4.2.8.5
EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint
N/A
2026-02-17< 4.2.8.5
EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter
Critical 9.8
2026-03-25< 4.2.8.1
CVE-2026-24378
High 7.5
2026-03-25< 4.2.7.0
CVE-2025-69358
High 7.5
2026-03-19< 4.2.8.4
CVE-2026-25312
Medium 5.3
2026-02-20< 4.2.8.4
EventPrime <= 4.2.8.3 - Unauthenticated Information Exposure
Medium 5.3
2026-01-28< 4.2.8.1
EventPrime <= 4.2.8.0 - Missing Authorization
Medium 5.3
2026-01-13< 4.2.8.0
CVE-2025-14507
Medium 4.3
2025-12-09< 4.2.5.0
CVE-2025-63007
Medium 4.3
2025-12-09< 4.2.5.0
CVE-2025-63006
Medium 4.3
2025-11-08< 4.2.0.1
CVE-2025-12498
Medium 5.3
2025-05-15< 3.5.0
EventPrime – Events Calendar, Bookings and Tickets <= 3.5.0 - Insecure Direct Object Reference to (Subscriber+) Arbitrary Booking Update
Medium 4.3
2025-03-07< 4.0.7.4
CVE-2024-13526
High 7.2
2024-12-17< 4.0.6.0
CVE-2024-12024
Medium 6.1
2024-10-24< 4.0.4.8
CVE-2024-9864
Medium 6.1
2024-10-24< 4.0.4.8
CVE-2024-9865
Medium 4.7
2024-10-10< 4.0.4.6
CVE-2024-47648
Medium 5.3
2024-09-10< 4.0.4.4
CVE-2024-8369
High 8.8
2024-11-01< 4.0.4.0
CVE-2024-43223
N/A
< 3.3.3
EventPrime – Modern Events Calendar, Bookings and Tickets < 3.3.3 - Contributor+ Stored XSS
Critical 9.8
2024-06-09< 3.3.5
CVE-2024-31275
Medium 5.9
2024-03-27< 3.4.0
CVE-2024-29776
Medium 4.3
2024-03-09< 3.4.4
CVE-2024-1124
Medium 5.3
2024-03-13< 3.4.3
CVE-2024-1321
Medium 6.1
2024-03-09< 3.4.4
CVE-2024-1320
Medium 6.5
2024-03-09< 3.4.3
CVE-2024-1123
Medium 5.3
2024-03-09< 3.4.4
CVE-2024-1125
Medium 4.3
2024-03-13< 3.4.2
CVE-2024-1127
Medium 4.3
2024-03-13< 3.4.3
CVE-2024-1126
High 8.2
2024-03-23< 3.4.0
CVE-2024-24832
N/A
< 3.4.0
WordPress EventPrime Plugin <= 3.3.9 is vulnerable to Broken Access Control
Medium 5.3
2024-01-22< 3.3.6
CVE-2023-6447
Medium 5.3
2023-11-27< 3.3.3
CVE-2023-4252
N/A
2023-11-23< 3.3.3
WordPress EventPrime Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-11-21< 3.3.3
EventPrime – Modern Events Calendar, Bookings and Tickets <= 3.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Medium 6.1
2023-10-31< 3.2.0
CVE-2023-5238
Medium 4.3
2023-10-31< 3.2.0
CVE-2023-5519
Medium 4.3
2023-10-31< 3.2.0
CVE-2023-4251
Medium 6.1
2023-10-31< 3.2.0
CVE-2023-4250
High 7.1
2023-10-24< 3.1.6
CVE-2023-45637
High 7.1
2023-06-20< 3.0.6
CVE-2023-35884
Medium 5.3
2024-05-17< 3.0.0
CVE-2023-33321
High 7.1
2023-05-28< 3.0.0
CVE-2023-33326